CC Task 6 IAM
Wed Jan 22 2025 05:36:06 GMT+0000 (Coordinated Universal Time)
Task 6: 1. AWS Identity and Access Management (IAM) 2. Introduction to Amazon Relational Database Service (RDS) - SQL Server

AWS Identity and Access Management (IAM) is a web service that lets Amazon Web Services (AWS) customers manage users and user permissions in AWS. With IAM, you centrally manage users, their security credentials (such as passwords and access keys), and the permissions that control which AWS resources each user can access.

Task 1: Creating Users

Step 1: Sign in to the AWS Management Console
Go to the AWS Management Console at https://aws.amazon.com/console/ and sign in with your AWS account credentials.

Step 2: Navigate to the IAM (Identity and Access Management) service
In the AWS Management Console, search for IAM in the search bar or find it under the Security, Identity, & Compliance category. Click IAM to open the IAM dashboard.

Step 3: Create a new user
In the IAM dashboard, click Users in the left-hand menu, then click Create user.

Step 4: Configure the user details
Enter the User name: User1.
Under Select AWS access type, check AWS Management Console access.
For Console password, choose Custom password and set the password for User1 to User1@123.
Uncheck Require password reset. When this box is checked, the user is forced to change the password at first sign-in; it is unchecked here only so that the fixed lab passwords still work in Task 5. Outside a lab, leave it checked so that the person who created the account does not keep knowing the user's password.

Step 5: Set permissions
Click Next: Permissions. The lab attaches no policies on this page (the Attach existing policies directly option stays empty): every permission in this lab is granted through the user groups created in Task 2, which is why the users' access is tested group by group in Task 5.

Step 6: Review and create the user
Click Next: Tags to add optional tags for the user.
Click Next: Review to review the user's details and permissions.
Click Create user to finalize the process.
Click Download .csv file to save the user's sign-in details. The file contains the console password in clear text, so store it securely and delete it when the lab is finished.
Repeat the steps above to create User2 (password User2@123) and User3 (password User3@123).

Task 2: Create User Groups

(a) Create the "EC2-Admin" user group

Step 1: Navigate to the IAM (Identity and Access Management) service
In the AWS Management Console, search for IAM in the search bar or find it under the Security, Identity, & Compliance category. Click IAM to open the IAM dashboard.

Step 2: Create a new user group
In the IAM dashboard, click User groups in the left-hand menu, then click Create group.

Step 3: Configure the group details
Enter EC2-Admin as the Group name. Click Create group to create the group without attaching any policies at this step.

Step 4: Attach an inline policy to the group
In the User groups list, click the EC2-Admin group name. Click the Permissions tab. Click Add permissions and then select Create inline policy.

Step 5: Define the inline policy
In the Create policy editor, switch to the JSON tab and paste the following policy, which allows viewing, starting and stopping EC2 instances:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "ec2:DescribeInstances",
            "ec2:DescribeImages",
            "ec2:DescribeVolumes",
            "ec2:DescribeTags",
            "ec2:DescribeSecurityGroups",
            "ec2:DescribeKeyPairs",
            "ec2:DescribeSnapshots"
          ],
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "ec2:StartInstances",
            "ec2:StopInstances"
          ],
          "Resource": "arn:aws:ec2:*:*:instance/*"
        }
      ]
    }

Note on the two statements: the ec2:Describe* actions do not support resource-level permissions, so their Resource must be "*". The Start/Stop statement is restricted to instance ARNs, but the wildcards in the region and account fields mean it applies to every instance the account can reach, not only to "MyServer"; a tighter policy would name the account and region or add a Condition on an instance tag.

Step 6: Name and attach the policy
Enter a name for the policy, such as EC2-ViewStartStopAccess. Click Create policy to attach it to the group.

Step 7: Add users to the group
On the EC2-Admin group page, click the Users tab. Click Add users, select User3 and click Add users to finalize the process.

(b) Create the "EC2-Support" user group

Step 1: Navigate to the IAM service
In the AWS Management Console, search for IAM in the search bar or find it under the Security, Identity, & Compliance category. Click IAM to open the IAM dashboard.

Step 2: Create a new user group
In the IAM dashboard, click User groups in the left-hand menu, then click Create group.

Step 3: Configure the group details
Enter EC2-Support as the Group name.

Step 4: Attach a policy to the group
Under Attach permissions policies, use the search bar to find the AmazonEC2ReadOnlyAccess managed policy and select the checkbox next to it.

Step 5: Review and create the group
Review the group's name and attached policy, then click Create group to finalize the process.

Step 6: Add users to the group
In the User groups list, click EC2-Support. Click the Users tab, click Add users, select User2 and click Add users. (User2 must be in this group for the tests in Task 5 to behave as described.)

(c) Create the "S3-Support" user group

Step 1: Navigate to the IAM (Identity and Access Management) service
In the AWS Management Console, search for IAM in the search bar or find it under the Security, Identity, & Compliance category. Click IAM to open the IAM dashboard.

Step 2: Create a new user group
In the IAM dashboard, click User groups in the left-hand menu, then click Create group.

Step 3: Configure the user group details
In the Group name field, enter S3-Support. Click Next.

Step 4: Attach the S3 read-only access policy
On the Attach policies page, search for AmazonS3ReadOnlyAccess. Check the box next to the AmazonS3ReadOnlyAccess policy to grant the group read-only access to Amazon S3. Click Next.

Step 5: Review and create the group
Review the group name and attached policy on the Review page. Click Create group to finalize the process.

Step 6: Add users to the group
On the User groups page, click the S3-Support group you just created. Click the Users tab, click Add users, select User1 and click Add users.

Task 3: Create an EC2 instance named "MyServer" with a Linux OS image

Task 4: Create an S3 bucket and add some files to the bucket

Task 5: Sign in and test the users
1. In the IAM navigation pane on the left, choose Dashboard. A Sign-in URL for IAM users in this account link is displayed on the right. It will look similar to:
   https://123456789012.signin.aws.amazon.com/console
   This link is used to sign in to the AWS account you are currently using. Copy the Sign-in URL for IAM users in this account to a text editor.

2. Open a private (Incognito) window: choose the ellipsis at the top-right of the browser and select New Incognito Window. A private window keeps the IAM user's session separate from the account session you are already signed in to.

3. Paste the IAM users sign-in link into the address bar of the private browser window and press Enter. Sign in with:
   IAM user name: User1
   Password: User1@123

4. In the search box to the right of Services, search for and choose S3 to open the S3 console. Choose the name of the bucket that exists in the account and browse its contents. Because User1 is a member of the S3-Support group, the AmazonS3ReadOnlyAccess policy lets the user list the Amazon S3 buckets and view their contents. Now test whether the same user has access to Amazon EC2.

5. In the search box to the right of Services, search for and choose EC2 to open the EC2 console. In the left navigation pane, choose Instances. You cannot see any instances; instead you see the message You are not authorized to perform this operation. This is because User1 has not been granted any permissions for Amazon EC2: the user has no policies of its own and the S3-Support group policy covers only S3.

6. At the top of the screen, choose User1 and then Sign Out.

7. Now sign in as User2, who has been hired as your Amazon EC2 support person. Paste the IAM users sign-in link into the private browser tab's address bar and press Enter. Sign in with:
   IAM user name: User2
   Password: User2@123

8. In the search box to the right of Services, search for and choose EC2 to open the EC2 console. In the navigation pane on the left, choose Instances. You can now see the Amazon EC2 instance "MyServer" because the EC2-Support group carries the AmazonEC2ReadOnlyAccess policy. You will not, however, be able to change any Amazon EC2 resources.

9. Select the instance named "MyServer". In the Instance state menu above, select Stop instance. In the Stop instance window, select Stop. You receive an error stating You are not authorized to perform this operation. This demonstrates that the read-only policy allows you to view information without making changes. Choose the X to close the Failed to stop the instance message.

10. Next, check whether User2 can access Amazon S3. In the search box to the right of Services, search for and choose S3 to open the S3 console. You see the message "You don't have permissions to list buckets" because User2 has not been granted any Amazon S3 permissions. At the top of the screen, choose User2 and then Sign Out.

11. Now sign in as User3, who has been hired as your Amazon EC2 administrator. Sign in with:
    IAM user name: User3
    Password: User3@123

12. In the search box to the right of Services, search for and choose EC2 to open the EC2 console. In the navigation pane on the left, choose Instances. As a member of the EC2-Admin group, User3 has permission to stop the Amazon EC2 instance.

13. Select the instance named "MyServer". In the Instance state menu, choose Stop instance. In the Stop instance window, choose Stop. The instance enters the stopping state and shuts down.
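The sign-in tests in Task 5 are a manual walk through IAM's evaluation logic: a request is allowed only if some attached policy statement matches both the action and the resource with Effect Allow, and an explicit Deny always wins over an Allow. The following Python script is an added example, not part of the lab; it models that logic offline for the three groups above so the expected outcomes of Task 5 can be checked before anyone signs in. The EC2-Admin inline policy is copied from Task 2(a); the two AWS managed policies are reduced to the statements that matter here (an approximation, not the exact documents AWS publishes); the account ID and instance IDs in the ARNs are constructed. Conditions, NotAction/NotResource, permissions boundaries and resource-based policies are not modelled.

```python
"""Offline check of the lab's IAM permissions (added example, not part of the lab).

Simplified IAM evaluation for identity-based policies: an explicit Deny wins,
otherwise any matching Allow grants the request, otherwise the request is
implicitly denied. Actions are matched case-insensitively; '*' and '?' are
honoured in both Action and Resource. Conditions, NotAction/NotResource,
permissions boundaries, SCPs and resource-based policies are not modelled.
"""
from fnmatch import fnmatchcase

# Inline policy from Task 2(a), as written in the lab.
EC2_ADMIN_INLINE = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Describe* actions do not support resource-level permissions,
            # so Resource has to be "*" for them.
            "Effect": "Allow",
            "Action": ["ec2:DescribeInstances", "ec2:DescribeImages",
                       "ec2:DescribeVolumes", "ec2:DescribeTags",
                       "ec2:DescribeSecurityGroups", "ec2:DescribeKeyPairs",
                       "ec2:DescribeSnapshots"],
            "Resource": "*",
        },
        {   # Scoped to instance ARNs, but in every account and region.
            "Effect": "Allow",
            "Action": ["ec2:StartInstances", "ec2:StopInstances"],
            "Resource": "arn:aws:ec2:*:*:instance/*",
        },
    ],
}

# Simplified stand-ins for the managed policies attached in Task 2(b) and 2(c)
# (assumption: only the statements relevant to this lab are reproduced).
AMAZON_EC2_READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]}
AMAZON_S3_READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]}

GROUP_POLICIES = {
    "EC2-Admin": [EC2_ADMIN_INLINE],
    "EC2-Support": [AMAZON_EC2_READ_ONLY],
    "S3-Support": [AMAZON_S3_READ_ONLY],
}
# Group membership set up in Task 2.
USER_GROUPS = {"User1": ["S3-Support"], "User2": ["EC2-Support"], "User3": ["EC2-Admin"]}

# Constructed ARN standing in for the "MyServer" instance from Task 3.
MYSERVER = "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _statement_matches(stmt, action, resource):
    action_hit = any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
    resource_hit = any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
    return action_hit and resource_hit


def evaluate(user, action, resource):
    """Return 'explicit_deny', 'allow' or 'implicit_deny' for one request."""
    decision = "implicit_deny"
    for group in USER_GROUPS.get(user, []):
        for policy in GROUP_POLICIES[group]:
            for stmt in policy["Statement"]:
                if not _statement_matches(stmt, action, resource):
                    continue
                if stmt["Effect"] == "Deny":
                    return "explicit_deny"  # an explicit deny always wins
                decision = "allow"
    return decision


# The console tests from Task 5 and the outcome the lab says to expect.
TASK5_CHECKS = [
    ("User1", "s3:ListAllMyBuckets", "*", "allow"),             # step 4
    ("User1", "ec2:DescribeInstances", "*", "implicit_deny"),   # step 5
    ("User2", "ec2:DescribeInstances", "*", "allow"),           # step 8
    ("User2", "ec2:StopInstances", MYSERVER, "implicit_deny"),  # step 9
    ("User2", "s3:ListAllMyBuckets", "*", "implicit_deny"),     # step 10
    ("User3", "ec2:StopInstances", MYSERVER, "allow"),          # step 13
]


def run_task5_checks():
    """Return the checks whose modelled decision differs from the lab's expectation."""
    return [(u, a, evaluate(u, a, r), exp)
            for u, a, r, exp in TASK5_CHECKS if evaluate(u, a, r) != exp]


def ec2_admin_reach():
    """Show how far the EC2-Admin inline policy reaches beyond "MyServer"."""
    other = "arn:aws:ec2:eu-west-1:999999999999:instance/i-0fedcba9876543210"  # constructed
    return {
        "stop_any_instance_any_region": evaluate("User3", "ec2:StopInstances", other),
        "terminate_myserver": evaluate("User3", "ec2:TerminateInstances", MYSERVER),
    }


if __name__ == "__main__":
    print("mismatches against Task 5:", run_task5_checks())
    print(ec2_admin_reach())
```

Running the script reports no mismatches against Task 5 and shows the two properties of the EC2-Admin policy worth noticing: User3 can stop an instance in any region and any account the policy is evaluated against, but cannot terminate "MyServer", because ec2:TerminateInstances is not listed. Against a real account the same questions are answered by the IAM policy simulator (`aws iam simulate-principal-policy`), which also evaluates the Conditions and boundary policies this model leaves out.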